Kenneth Blanco, director of the Financial Crimes Enforcement Network. Courtesy photoAs Cyberattacks on Business Grow, General Counsel Are 'Thirsty' for More Details
The rate of cyber-related suspicious activity reports has grown to nearly 80,000 per year, according to the director of the Financial Crimes Enforcement Network in the U.S. Treasury Department. That number includes 13,500 reports per year on suspicious business email alone, up 95% from 2016.
June 14, 2019 at 04:39 PM
5 minute read
The rate of cyber-related suspicious activity reports has grown to nearly 80,000 per year, according to Kenneth Blanco, director of the Financial Crimes Enforcement Network in the U.S. Treasury Department.
That number includes 13,500 reports per year on suspicious business email alone, up 95% from 2016. Phishing and other email schemes “are among the growing trend of cyber-enabled crime adversely affecting financial institutions, their customers, and others, which is estimated to have resulted in losses of more than $12.5 billion since 2013,” Blanco said in a June 12 speech at New York University Law School.
Laurel Rimon, senior counsel at O'Melveny & Myers in Washington, D.C., who focuses on cyber and white-collar crime, attended the speech. After serving 15 years with the Department of Justice and as an assistant U.S. attorney, Rimon served as general counsel of the office of inspector general for the U.S. Department of Homeland Security from 2015 to 2018, and as assistant deputy director of enforcement at the Consumer Financial Protection Bureau for three years before that.
She said she thinks the significant increase in reported activity is due to a combination of factors, including “the exponential explosion of these events in general,” as well as companies increasing their monitoring to detect events.
Another factor in the increase, Rimon said, is companies feel reporting is required after a 2016 federal advisory that says, “With respect to e-mail-compromise fraud, a financial institution may have a [report] filing obligation regardless of whether the scheme or involved transactions were successful, and regardless of whether the financial institution or its customers incurred an actual loss.”
Rimon said she “talks regularly with general counsel and chief compliance officers about these issues,” and one area she thinks can be improved is the sharing of information within an organization.
“Sharing information is always a challenge,” she said, “but there is a much stronger emphasis now on making sure different silos in the business are talking to one another.” She said the role of compliance is to force that information sharing to happen where it needs to.
Michael Zweiback, a partner and co-founder at boutique white-collar and cybersecurity law firm Zweiback Fiset & Coleman, said he advises in-house counsel that sometimes the simplest techniques can be the best.
“The old analog method of picking up the phone and actually verifying a transaction over a certain dollar amount” needs to be done, he said. Zweiback formerly served as an assistant U.S. attorney in central California and was chief of its cyber and intellectual property crimes section.
“General counsel need to look at patterns of behavior of their own personnel, and make sure they are not doing the easiest and most efficient thing electronically, while not actually talking to one another,” he advised.
He said in-house counsel also need to “make friends” with the local office of the FBI. “The FBI has the expertise and has had good success in retrieving these wire transfers [based on deceptions],” he said. “But the key is time. They must be able to jump on it immediately.”
Both Rimon and Zweiback said the government also needs to be doing a better job of reaching out to businesses and helping them understand how attacks happen and how they can better prepare internally.
When it comes to suspicious activity reports, Rimon said, “the greatest frustration on the part of financial organizations is that it's a one-way street.” She said every company wants more information on the nature and types of attacks and how to avoid them.
“I worked in government, so I understand that it's not in the business of reporting back. But with financial transactions, the government should be providing more information and analysis on what it's seeing in the reports so companies can attune their processes to be more meaningful.”
For the government's part, Blanco closed his speech by noting ongoing efforts to upgrade and modernize the reporting system and to enhance his agency's engagement with the financial sector.
He said he wants to “incorporate the innovative approaches being taken by financial institutions and others, in order to have the best and most actionable information available.”
Rimon would welcome it if it means more sharing. She said that “general counsel and compliance folks continue to be thirsty for more details” about how they can develop compliance programs in ways the government will appreciate and that will also be more efficient for the institutions.
“I feel strongest about that point,” Rimon said. “It is very frustrating for companies dedicated to compliance and who really want to provide meaningful information, when they are kept in the dark about what the government is aware of. They need more insight.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
How Amy Harris Leverages Diversity to Give UMB Financial a Competitive Edge
5 minute read
Auditor Finds 'Significant Deficiency' in FTC Accounting to Tune of $7M
4 minute read
'We’re Here to Empower People to Make Good Decisions': Why Compliance Chiefs Must Learn to Think Like a Businessperson
Trump's SEC Likely to Halt 'Off-Channel' Texting Probe That's Led to Billions in Fines
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
